GDPR - Legitimate Interest

Posted on 6th August 2018 at 15:26

Even the ICO admits ‘Consent’ that meets GDPR standards is difficult to obtain. There are, however, six bases for processing data and you will need to choose the most appropriate. The DMA and its partners have lobbied for the continued use of ‘legitimate interest’ and this may be the most appropriate of the six bases in most cases.

There are three elements to the ‘legitimate interests’ basis that you need to follow -

• Are you pursuing legitimate interests?

• Can you show that the processing is necessary for that purpose

• balance it against the individual’s interests, rights and freedoms

Effectively ‘legitimate interest’ means that there would be a relevant and appropriate relationship between the data subject and the controller, i.e. the people you’re marketing to would expect to hear from you and not object. For example, a pet food manufacturer contacting pet shops, or a van dealership contacting a fleet manager. You must also include an option to opt-out at every opportunity, act upon response by ensuring a record is made and maintained to avoid future misuse of data. Regular consent reviews should be implemented.